cbcvebase.

Youngzsoft Cmailserver vulnerabilities

7 known vulnerabilities affecting youngzsoft/cmailserver.

Total CVEs
7
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2008-6922P3CRITICALCVSS 9.3PoCv5.4.62009-08-10
CVE-2008-6922 [CRITICAL] CWE-119 CVE-2008-6922: Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which a
nvd
CVE-2003-0280P3CRITICALCVSS 10.0PoCv4.0.2003.23.272003-06-16
CVE-2003-0280 [CRITICAL] CVE-2003-0280: Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote atta Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.
nvd
CVE-2002-0799P3HIGHCVSS 7.5PoCv3.302002-08-12
CVE-2002-0799 [HIGH] CVE-2002-0799: Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.
nvd
CVE-2004-1129P3CRITICALCVSS 10.0v5.2.02005-01-10
CVE-2004-1129 [CRITICAL] CVE-2004-1129: SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.
nvd
CVE-2004-1130P4MEDIUMCVSS 6.8v5.2.02005-01-10
CVE-2004-1130 [MEDIUM] CVE-2004-1130: Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.
nvd
CVE-2007-1927P4MEDIUMCVSS 4.3≤ 5.3.42007-04-10
CVE-2007-1927 [MEDIUM] CVE-2007-1927: Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allo Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.
nvd
CVE-2007-1991P4MEDIUMCVSS 4.3≤ 5.4.32007-04-12
CVE-2007-1991 [MEDIUM] CVE-2007-1991: Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possib Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.
nvd
Youngzsoft Cmailserver vulnerabilities | cvebase